package com.neiquan.backstage.web.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.neiquan.backstage.common.util.ExtraSpringHibernateTemplate;
import com.neiquan.backstage.common.util.Sessions;
import com.neiquan.backstage.common.util.SpringContextUtils;
import com.neiquan.backstage.pub.bsc.dao.po.AdminUser;
import com.neiquan.backstage.pub.bsc.dao.po.Menu;
import com.neiquan.backstage.pub.bsc.dao.po.User;
import com.neiquan.backstage.pub.bsc.dao.po.UserPermission;

public class UserViewPermissionChecker {
	private static final String page_login = "/login.jsp"; //登陆页面
	private static final String page_register = "/register.jsp"; //注册页面
	private static final String page_bindinaccount = "/bindinaccount.jsp";//绑定页面
	private static final String page_alliance_member_list = "/platform_alliance_member_list.jsp"; //干活列表
	private static final String page_alliance_event_list = "/platform_event_list.jsp"; //干活列表
	private static final String page_alliance_event_detail = "/platform_event_detail.jsp"; //干活列表
	private static final String page_alliance_event_apply = "/platform_event_apply.jsp"; //干活列表
	private static final String page_alliance_member_detail = "/platform_alliance_member_detail.jsp"; //干活列表
	private static final String page_article_list = "/platform_article_list.jsp"; //干活列表
	private static final String page_article_detail = "/platform_article_detail.jsp";//干活详情
	private static final String page_partner_list = "/partner_list.jsp"; //合作伙伴
	private static final String page_partner_detail = "/partner_detail.jsp";//合作详情
	private static final String page_event_list = "/event_list.jsp";//活动列表
	private static final String page_event_apply = "/event_apply.jsp";//参加活动
	private static final String page_event_detail = "/event_detail.jsp";//活动详情
	private static final String page_convenience_service_list = "/convenience_service_list.jsp";//便民服务
	private static final String page_firm_list = "/firm_list.jsp";//入孵
	private static final String page_firm_detail = "/firm_detail.jsp";
	private static final String page_checking = "/checking.jsp";//待审核
	private static final String page_checkfail = "/checkfail.jsp";//审核失败
	private static final String page_forget_password = "/forgetpassword.jsp";//审核失败
	private static final List<String> public_pages = new ArrayList<>();
	private static final List<String> authc_pages = new ArrayList<>();

	static {
		public_pages.add(page_login);
		public_pages.add(page_register);
		public_pages.add(page_forget_password);
		public_pages.add(page_bindinaccount);
		public_pages.add(page_article_list);
		public_pages.add(page_alliance_event_list);
		public_pages.add(page_alliance_event_detail);
		public_pages.add(page_alliance_event_apply);
		public_pages.add(page_article_detail);
		public_pages.add(page_alliance_member_list);
		public_pages.add(page_alliance_member_detail);
		public_pages.add(page_partner_list);
		public_pages.add(page_partner_detail);
		public_pages.add(page_convenience_service_list);
		public_pages.add(page_event_list);
		public_pages.add(page_event_apply);
		public_pages.add(page_event_detail);
		public_pages.add(page_event_apply);
		public_pages.add(page_firm_list);
		public_pages.add(page_firm_detail);
		public_pages.add(page_checking);
		public_pages.add(page_checkfail);
	}

	public static boolean canAccessPage(String page, HttpServletRequest httpReq) throws PermissionDeniedException, NotLoginedException {
		Object loginedUserObject = Sessions.getLoginedUser(httpReq.getSession());
		User user = loginedUserObject instanceof User ? (User) loginedUserObject : null;

		if (public_pages.contains(page)) {
			// 特殊页面，公共权限，无需登录
			return true;
		}

		if (user == null) {
			// 未登录
			throw new NotLoginedException();
		}

		if (authc_pages.contains(page)) {
			// 特殊页面，任何用户登录后即可访问
			return true;
		}

		if (isBossinUser(user)) {
			// 超级管理员，拥有最高权限
			return true;
		}

		/*
		if (existPermission(user, page)) {
			// 满足权限
			return true;
		} else {
			// 不满足权限
			throw new PermissionDeniedException();
		}
		*/
		return true;
	}

	public static void sendRedirectPageLogin(HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException {
		String memberId = httpReq.getParameter("memberId");
		if(memberId!=null){
			int id=Integer.parseInt(memberId);
			httpResp.sendRedirect(httpReq.getContextPath() + page_login+"?memberId="+id);
		}
		httpResp.sendRedirect(httpReq.getContextPath() + page_login);
	}

	public static void sendRedirectPagePermissionDenied(HttpServletRequest httpReq, HttpServletResponse httpResp) throws IOException {
		String memberId = httpReq.getParameter("memberId");
		int id=Integer.parseInt(memberId);
		if(memberId!=null){
			httpResp.sendRedirect(httpReq.getContextPath() + page_login+"?memberId="+id);
		}
		httpResp.sendRedirect(httpReq.getContextPath() + page_checkfail);
	}

	@SuppressWarnings("unchecked")
	private static boolean existPermission(User loginedUser, String page) {
		ExtraSpringHibernateTemplate extraSpringHibernateTemplate = SpringContextUtils.getApplicationContext().getBean(ExtraSpringHibernateTemplate.class);
		Integer type = loginedUser.getType();
		String hql = "FROM UserPermission WHERE userPermissionId IN (SELECT urp.userPermissionId FROM UserTypeToPermission urp WHERE urp.userType=?)";
		List<UserPermission> listUP = (List<UserPermission>) extraSpringHibernateTemplate.getHibernateTemplate().find(hql, type);
		for (UserPermission up : listUP) {
			if (up.getUri().equals(page)) {
				return true;
			}
		}
		return false;
	}

	private static boolean isBossinUser(User loginedUser) {
		Integer type = loginedUser.getType();
		return type != null && type == User.type_boss;
	}
}
